
Printed from http://www.macnn.com

Apple criticized for security advisories

updated 10:00 pm EDT, Tue May 4, 2004

Apple security advisories

Security analysts are saying that the company is severely downplaying the seriousness: "Five vulnerabilities released Monday affect various components of the Mac OS X operating system. The greatest threat is a buffer overflow in the Apple file-sharing system that could allow a remote attacker to take over control of the system. But the company described it as a correction 'to improve the handling of long passwords.'... Most security companies normally classify a remotely exploitable software flaw as a 'critical' vulnerability."




by MacNN Staff


Comments

  1. phillymjs

    Joined: Dec 1969

    0

    Pfft

    It's a ZDNet article, so you know it's 100% objective. ;-)

    From the article:
    "They are not characterizing the issue so that people can make a security decision about it," said Chris Wysopal, vice president of research and development at @Stake, a digital security firm that found the flaw and reported it to Apple. "It seems they think that everyone will update their computers all the time, and that is not the way the world works."

    That's not the way the *Windows* world works, bub, because the dumb users don't know to update and the smart users are afraid to update lest the update break a critical app. Mac users *always* install their patches-- we might wait up to a week to make sure everything's cool, but we always install our patches.

  1. JeffHarris

    Joined: Dec 1969

    0

    Song of the Shill

    Leave it to ZDNet.

    Apple actually PLUGGED the security holes, BEFORE they were widely reported... and ZD complains.

    Windows, that's a huge block of Swiss cheese at a picnic surrounded by ants, flies and maggots, and does ZD complain? Nah.

  1. graey

    Joined: Dec 1969

    0

    Oooh...

    Let's see...how many systems had the vulnerability exploited, (other than the ones in the hands of the "security" people)? Would that be...none? If none were compromised then I fail to see how it is "critical".....maybe it's just me.

  1. LouZer

    Joined: Dec 1969

    0

    Question

    Isn't the fact they're releasing a security update info enough to know there's a problem? I mean, who reads MS security bulletins? They just know "Hey, there's a security patch available, it must be important". Most users don't read each one going "Hmm, according to this it's only a problem if I receive an email containing a movie file with a real long file name and someone says the word 'p****'. I don't get movies, so I'll ignore that one..."

    Oh, and to the guy who says it's not critical because no one's broken it yet, keep in mind that Sasser chews through a HUGE hole in XP, but the fix for it was released as 'critical' not because it was a problem, but because it COULD be a serious problem (gee, just like it is). At least the Apple file being whined about requires you to have file sharing turned on and all that kind of fun. The Sasser worm just infects anyone unpatched, without the user necessarily being the wiser.

  1. vortexlift

    Joined: Dec 1969

    0

    The Sky Is Falling!

    Boy, it's sure nice to know people in the internet security biz know how to scare up some business! : o
    Sarcasm aside, does anyone know of a single piece of malicious code loose in the "wild" that exploits any of the recent batch of "security holes" that's been discovered?

  1. Nitride

    Joined: Dec 1969

    0

    Buffer Overflow Overhype

    Buffer Overflows are about as bad as iChat AV crashing in the middle of a steamy chat with your girlfriend. Frustrating, embarrassing and easy to forget about.

    There is simply no way to execute random code via a buffer overflow using a "specially crafted file" on the Macintosh platform. The fundamental differences in the processor and OS from Intel make this impossible.

    Now, you could somehow get a rogue file on a user's system, crash a daemon and when it restarted it could load a compromised file somehow, but that is entirely different than what these overzealous security experts are screaming about.

    This scenario, however, requires a significant series of steps to gain access to a user's system and also admin or 'root' privileges to install compromised files and then crash a daemon.

    So far Apple's most serious compromises require a person to be physically seated in front of a Mac OS X computer to gain access of some level.

    And all security fixes are rolled into each other or in general Mac OS X updates, and based on my reading of web logs and email headers most Mac people on the internet are fully up to date.

  1. Nitride

    Joined: Dec 1969

    0

    BTW

    No one seems all that upset that a large number of grocery stores were all but shut down by the latest Windows virus, at least in the South East area.

    The stores could not process any network-based transactions (checks, CCs, Debit cards) at all due to the shutdown of the network either due to or to help stop the latest virus on Windows.

    We repeatedly told the store to put out a sign, but of course that would drive away non-cash business instead of keeping people in the store shopping only to find out they must wait 15 minutes for their checkout process to be completed manually with a telephone call.

    The pharmacy was shut down because of this as well. All because some kid somewhere didn't get enough attention from his Baby Boomer parents.
